LAST UPDATED: 2022-10-16
How we scan
We scan by sending an HTTP “GET /” request to port 5984/tcp. The request carries an Accept: application/json header to make clear that we speak JSON.
You can reproduce our results by running:
zgrab2 http -p 5984 --custom-headers-names=Accept --custom-headers-values='application/json' --endpoint="/"
If we receive a CouchDB response from an IP, we follow up with a “GET /_all_dbs” request to see a listing of the visible databases (if any).
We do not perform any intrusive checks on a discovered service or database.
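As an added illustration (not Shadowserver's own tooling), the following Python code classifies the two responses the scan described above looks at: the welcome banner from GET / and the listing (or refusal) from GET /_all_dbs. The sample bodies are constructed, and the fetch helper is intended for checking your own hosts.

```python
import http.client
import json

# Constructed sample bodies (not captured from any real host).
ROOT_OK = '{"couchdb":"Welcome","version":"3.2.2","vendor":{"name":"The Apache Software Foundation"}}'
DBS_OPEN = '["_replicator","_users","inventory"]'
DBS_LOCKED = '{"error":"unauthorized","reason":"You are not a server admin."}'

def parse_root(body):
    """Return the CouchDB version string if body is a CouchDB welcome banner, else None."""
    try:
        doc = json.loads(body)
    except ValueError:
        return None
    if isinstance(doc, dict) and doc.get("couchdb") == "Welcome":
        return str(doc.get("version", "unknown"))
    return None

def parse_all_dbs(body):
    """Interpret GET /_all_dbs: ('open', names) if databases are listed,
    ('auth_required', reason) if the server refused, ('unknown', None) otherwise."""
    try:
        doc = json.loads(body)
    except ValueError:
        return ("unknown", None)
    if isinstance(doc, list):
        return ("open", [str(n) for n in doc])
    if isinstance(doc, dict) and doc.get("error") in ("unauthorized", "forbidden"):
        return ("auth_required", doc.get("reason", ""))
    return ("unknown", None)

def assess(root_body, all_dbs_body=None):
    """Combine both steps into one finding suitable for a report or ticket."""
    version = parse_root(root_body)
    if version is None:
        return {"couchdb": False}
    finding = {"couchdb": True, "version": version, "databases_visible": False, "databases": []}
    if all_dbs_body is not None:
        state, detail = parse_all_dbs(all_dbs_body)
        finding["databases_visible"] = state == "open"
        finding["databases"] = detail if state == "open" else []
    return finding

def fetch(host, path, port=5984, timeout=5):
    """The same request the scan sends (Accept: application/json); run it against your own hosts."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    conn.request("GET", path, headers={"Accept": "application/json"})
    body = conn.getresponse().read().decode("utf-8", "replace")
    conn.close()
    return body
```

A host whose assessment shows databases_visible set to True is answering the listing request without credentials, which is the condition this report flags.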
As of 2022-07-03, we found 4139 unique CouchDB server instances exposed on IPv4 (daily scan result).
You can track the latest CouchDB scan results on the Shadowserver Dashboard.
It is unlikely that you need a CouchDB server that accepts external connections from the Internet (and thus presents a possible external attack surface). If you receive this report from us for your network or constituency, make sure to firewall traffic to this service.
In some cases, access may be exploitable due to an additional vulnerability. A recent example is a CVSS 9.8 remote code execution vulnerability in Apache CouchDB (CVE-2022-24706).
For more information on our scanning efforts, check out our Internet scanning summary page.